US names one of hackers allegedly behind massive Salt Typhoon breaches
As the end of the Biden administration nears, the White House released a 40-page executive order on Thursday aimed at strengthening federal cybersecurity protections and putting up guardrails around the US government’s use of AI. WIRED also spoke with the outgoing US ambassador for cyberspace and digital policy, Nathaniel Fick, about the urgent need for the Trump administration not to cede ground to Russia and China in the global race for technological dominance. Outgoing FCC Chair Jessica Rosenworcel gave WIRED details of the threats facing US telecommunications carriers, at least nine of which were recently breached by the Chinese hacking group Salt Typhoon. Meanwhile, US officials are still struggling to deal with multiple spying campaigns and other data breaches, with new revelations this week that an AT&T breach uncovered last summer compromised FBI call and text logs that could reveal the identities of anonymous sources.
Huione Guarantee, the massive online marketplace that researchers say provides a range of services to online fraudsters, is expanding its offerings to include a messaging app, a stablecoin, and a crypto exchange, and has facilitated a whopping $24 billion in transactions, according to new research. New findings show that GitHub’s efforts to crack down on the use of deepfake porn software are failing. And WIRED took a deep dive into the opaque world of predictive travel surveillance, in which companies and governments feed data on international travelers into AI tools designed to detect people who may be a “threat”.
But wait, there’s more! Every week, we round up security and privacy news that we haven’t covered in depth. Click on the headlines to read the full stories. And stay safe out there.
China is spying, the US is spying, everyone is spying. Mutual espionage is a geopolitical game played by almost every nation in the world. So when the US government singles out a hacker for an espionage intrusion, names and sanctions him, he must have spied aggressively or effectively enough to anger very powerful people.
On Friday, the US Treasury Department imposed sanctions on Yin Kecheng, a 39-year-old Chinese national accused of involvement both in the hacking of nine US telecommunications companies by the Chinese hacking group known as Salt Typhoon and in another recent breach of the Treasury Department itself. In a statement on the news, the Treasury Department said Yin was linked to China’s Ministry of State Security and had been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company the Treasury Department says is also linked to Salt Typhoon.
The Salt Typhoon breach of US telecommunications carriers gave Chinese hackers massive access to Americans’ real-time text messages and phone calls, and was reportedly used to spy on President-elect Donald Trump and Vice President-elect JD Vance, among other targets. FBI Director Christopher Wray has called the telco breach China’s “most significant cyberespionage campaign in history”.
As the Treasury Department strikes back against China’s spying operations, it is still working to determine the extent of the infiltration of its own network carried out by some of these same hackers. An internal Treasury Department report obtained by Bloomberg found that hackers broke into at least 400 of the agency’s computers and stole more than 3,000 files in the recent breach. The espionage-focused intrusion appears to have gone after sanctions- and law enforcement-related information, as well as other intelligence materials, the report found. Despite this extensive access, the attackers did not reach the Treasury Department’s emails or the classified parts of its network, the report said, nor did they leave behind malware that would suggest an attempt to maintain longer-term access.
The Department of Justice revealed this week that the FBI conducted an operation to wipe a variant of the malware known as PlugX from 4,200 computers worldwide. The malware, which typically spreads to computers via infected USB drives, has been around for at least a decade and is sometimes used by Chinese state-sponsored hacking groups to target Chinese dissidents. In July last year, cybersecurity firm Sekoia and French law enforcement authorities took over the command-and-control server behind the malware. This week, the FBI obtained a court order that allowed the bureau to send a self-destruct command to the software on infected machines.
Following news earlier this week of a December cyberattack that breached the US education technology platform PowerSchool, school districts targeted in the breach told TechCrunch on Thursday that the attackers gained access to “all” of the data stored on students and teachers in their accounts. PowerSchool is used by more than 60 million K-12 students in the US. The hackers obtained the information by stealing login credentials that gave them access to the company’s customer support portal. The attack has not yet been publicly linked to a specific perpetrator. PowerSchool has not yet disclosed the exact number of schools affected, nor whether all of its customers were affected.